Month: January 2016

The biggest threat the internet has ever seen is related to a ruling of the European Court of Justice; its consequences could block the flow of data between countries, closing the internet into “areas”. Last October, the European Court of Justice struck down the Safe Harbor agreement, a 15-year-old transatlantic arrangement that permitted U.S. companies to transfer data, such as people’s Google search histories, outside the EU.

In invalidating the agreement, the ECJ found that the blurry relationship between private-sector data collection and national security in the United States violates the privacy rights of EU citizens whose data travel overseas. Basically, the ECJ states that since the NSA can force U.S. companies to disclose data in their data centers without a formal trial or without warning European governments when the data relate to European citizens, Safe Harbor is no longer effective.

We should remember that Safe Harbor was created to allow U.S. companies to store European citizens’ personal data with the same level of protection and privacy that those data would have had in Europe. Snowden’s revelations about NSA activities made public that even if European data should be protected by this agreement, as a matter of fact any U.S. company can be forced to deliver those data to the U.S. government without notifying the data owners and their respective governments, making the agreement, de facto, inapplicable. The ECJ pointed out that this is due to unilateral behavior by the U.S. government, and the decision to strike down the Safe Harbor agreement was a technical consequence.

It all started in 2013 when Max Schrems, an Austrian law student, brought a case in Ireland against the Safe Harbor agreement based on information revealed in the Snowden files. He argued that the NSA’s spying showed that there was no effective data protection regime in the United States and that the Safe Harbor agreement could not protect European citizens from mass surveillance. Ireland’s High Court appeared to agree, finding that “the Snowden revelations demonstrate a massive overreach on the part of the security authorities, with an almost studied indifference to the privacy interests of ordinary citizens. Their data protection rights have been seriously compromised by mass and largely unsupervised surveillance programs.”

The ECJ, in its ruling, cited the Irish High Court’s findings on the Snowden documents and directly tied the fate of the Safe Harbor program to the blurring of private sector data collection and public surveillance in the United States, concluding that national security, public interest, and law enforcement requirements of the United States prevail over the safe harbor scheme, so that United States undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements. The United States safe harbor scheme thus enables interference, by United States public authorities, with the fundamental rights of persons.

The decision leaves U.S. technology companies with extensive international operations on shaky legal ground. Although some informed American observers anticipated the decision, most were caught flat-footed; some seemed downright bewildered. Myron Brilliant, the executive vice president of the U.S. Chamber of Commerce, said, “It is particularly alarming that this long-standing agreement has been invalidated with no discussion of a transition period or guidance regarding how companies should comply with the law.” Critics of the decision, including U.S. Commerce Secretary Penny Pritzker, argue that it will jeopardize the transatlantic digital economy, costing U.S. firms billions of dollars.

Without a new agreement, there is a significant risk that personal data will have to be quarantined within Europe, creating what Eric Schmidt, the executive chair of Alphabet (previously Google), called “per-country Internets.” If that occurred, he continued, it could risk destroying “one of the greatest achievements of humanity.” Some critics, without any consideration of what caused the ECJ ruling, also charge that the EU is acting unilaterally to protect its businesses against foreign competition, damaging the open, democratic nature of the Internet. A funny statement coming from a country that, basically, has claimed to rule over the internet since the beginning and continuously builds protectionist barriers to protect its industry.

Over the past 70 years, the United States has built a global system in which information, investment, and trade move quickly and easily across borders. That openness has created an interdependent world in which the national rules and preferences of one country can shape the rules and preferences of others. The outsized power of the U.S. economy usually gives that role to the United States.

Despite publicly promoting an open and secure Internet, it has privately undermined the encryption of online communications and surreptitiously created vast international surveillance systems in cooperation with close allies, including the United Kingdom. In short, the United States has leveraged the world’s reliance on its economy to influence and spy on foreigners.

This strategy is reaching its limits, and the Safe Harbor decision powerfully demonstrates that Washington needs to wake up to the strategy’s costs.

Although the ECJ has no jurisdiction over the U.S. National Security Agency (NSA), it does have jurisdiction over the European operations of American firms. Its ruling demonstrates that the more Washington tries to leverage the interdependence of the global system for its own security goals, the more other states and their courts will actively resist a U.S.-centered global economy. But above all, the ECJ has jurisdiction over European rights, and it has a clear mandate to protect European citizens and their data.

Too often, policymakers in Washington mistakenly assume that the narrow self-interests of the United States and its businesses should automatically go hand in hand with the global order they have helped create. When foreign regulators have sought to apply national rules to U.S. technology companies, the United States has accused them of having ulterior motives. U.S. President Barack Obama, for example, has interpreted foreign governments’ efforts to protect their citizens’ rights against U.S. companies as protectionism in disguise. Speaking in a February 2015 interview about European investigations into Facebook and Google, he said,

“Our companies have created [the Internet], expanded it, perfected it in ways they [Europeans] can’t compete [with]. And oftentimes what is portrayed as high-minded positions on issues sometimes is just designed to carve out some of their commercial interests.”

Such claims are both wrong and politically unsustainable: protecting European rights is a mandatory duty of every European government, even against U.S. requests.

When the United States targets states or individuals that are perceived as breaking the rules, such as Iran or Russia, it can usually persuade enough other states to join in, giving its actions a veneer of legitimacy. But when the United States breaks the rules itself in ways that undermine the basic constitutional guidelines of other countries, it should expect a backlash.

The United States had publicly proselytized for the free flow of information while secretly diverting these flows into NSA server farms. It had vigorously supported the global expansion of technology companies, championing the use of Twitter, for example, in pro-democratic movements such as those of the Arab Spring, while quietly requiring some of those firms to turn over troves of data and tapping into their servers overseas.

As U.S. actions have interfered with the basic rights of citizens abroad, they have drawn the ire of a different set of actors who are less easily cowed than politicians: judges, who often see their role as protecting fundamental constitutional protections rather than striking international compromises.

The ECJ has already struck down a measure requiring European communications firms to keep customer data for up to two years, in part because it feared that this information might leave the EU. Now the court has gone one step further, challenging the basis of the transfer of personal information from the EU to the United States.

The United States should recognize that globalization comes in different flavors and that Europeans have real and legitimate problems with ubiquitous U.S. surveillance and unilateralism.

The Safe Harbor dispute stems from the fact that the EU and the United States have fundamentally different understandings of how privacy should work in the digital age. Beginning in the 1990s, European countries developed comprehensive rules governing the collection and processing of personal information, overseen by independent regulatory agencies called “data protection authorities.” This approach to privacy was elevated to a fundamental constitutional right when the EU adopted its Charter of Fundamental Rights in 2009.

The United States, in contrast, lacks a comprehensive approach to privacy, relying instead on an idiosyncratic patchwork of specific—and, in some cases, dated—rules governing sectors as diverse as health care and video rentals.

The problem for the United States is that European regulations have long prohibited the transfer of data to countries that the EU considers to have weak privacy protections, among them the United States. Given the economic benefits of data exchange, the EU and the United States negotiated the Safe Harbor agreement in 2000 to work through these differences. As part of the arrangement, U.S. firms agreed to comply with a set of basic privacy principles overseen and enforced by the U.S. Federal Trade Commission.

In the past 15 years, more than 4,000 U.S. firms have come to rely on Safe Harbor to facilitate transatlantic e-commerce and to transfer data across jurisdictions.

The ECJ’s ruling jeopardizes all of that. U.S. firms have few attractive long-term options if they want to transfer data across the Atlantic. In the short term, EU rules still allow businesses to use contracts, for example, to transfer personal data to the United States. But such transfers are no better protected against U.S. state surveillance than Safe Harbor transfers were. Hamburg’s data commissioner has bluntly advised firms not to rely on these mechanisms and instead to simply keep their data on European servers. European data protection authorities have given Washington a few months’ reprieve to shape up but have threatened to take action if the United States has not reformed its privacy rules by the end of January 2016. They are demanding that the EU and the United States agree on a binding legal arrangement, such as a treaty, that guarantees European privacy rights by keeping data from U.S. intelligence agencies. If the United States does not amend its laws to protect Europeans, U.S. firms will likely need to Balkanize their data flows by quarantining European data in European data centers; otherwise, they will face sanctions from European data protection authorities.

Microsoft’s president, Brad Smith, warns that such fragmentation of the Internet risks a “digital dark ages” that could disrupt everything from credit-card payment systems to airline reservations, costing companies billions of dollars and threatening their global ambitions.

This is going to become a major issue between the U.S. and other countries, mostly the EU (the U.K. excepted, of course). In the context of a criminal investigation, for example, the United States is now demanding that Microsoft hand over personal data housed in its data center in Ireland. Rather than requesting the data through the ordinary processes of intergovernmental exchange, in which the U.S. government would make a request to law enforcement officials in Ireland, the United States is using the global reach of its legal system to demand the data even in the face of opposition from both the Irish government and Silicon Valley companies that fear this move will further blacken their corporate reputations. A group of powerful technology giants, including Apple and Cisco Systems, has filed a “friends of the court” brief in support of Microsoft and against the U.S. government’s position.

OK, I have crossed another year. Last year I crossed my 50 (in August), and now I am trying to make a living in 2016.

LinkedIn helped remind me that there have been some work anniversaries for me this month, and so I received a lot of congratulations, which I really appreciated.

I usually do not stop to think about those anniversaries, but receiving all those messages made me think about what I am doing. So basically I received anniversary wishes for my blogs, my activity as a trainer, journalist/writer and for my current job.

Let’s talk a bit about my blog: The Puchi Herald (yes, this one) and the related publications (actually several): a long journey that started with collecting info I thought was interesting, and ended with this blog.

I have to admit a blog is a good way to send away some stress. I do not expect people to read it; when I write, I write mostly for myself, to help my ideas get clear. Happy to know there are people around the world enjoying it. I should write more, but the tyranny of time does not allow me to be more consistent.

I will try to be more active though; I have plenty of ideas and so little time to write. Luckily I am in China now and I can use my weekends to write, since I have nothing else to do. But I will talk about it more later.

Time and work are the most shameful constraints, and so I haven’t been able to write more even as a journalist, so I have not been present in daftbogger and hakin9 or eforensic magazine. I will try to get back on track this year.

Now, last but not least, one year in my Chinese job.

I have to say it is a hard, long, difficult journey; language and cultural barriers are sometimes a big obstacle. Living in Shenzhen 50% of my time, always in hotels, makes me regret I don’t know any Chinese; sometimes even a taxi can be a difficult activity (mostly if they don’t want to pick you up, as happened to me this week).

People here are very good, and food is great; alas, the knowledge of English is even worse than in Italy. Most Chinese people who study English do not practice it (apparently at school they do only written tests); the result is that the spoken language does not exist and as a result communication is hard. Sometimes you can overcome it with the WeChat (Wēixìn) translator, sometimes with smiles and gestures. But people try to help you if they can and they are always smiling. Sure, they insist you should drink more hot water… (still not used to it)

Hot water is the common drink. If I have to see a difference, I would say it is in the way they drink: tea, hot water, hard to find a cold drink. Even beer is commonly served at room temperature (they consider it cold). Sometimes they do not drink during meals, since they usually have a soup of some kind. The overall quality of food is good, and street food, if you dare, is great. Top restaurants can be expensive, but not at western levels, but sometimes the queue is unbearable; I have seen people waiting 2 hours to be seated… no way.

Orientation can be a problem; all signs are in 2 languages, English and Chinese. The problem is that the English you read is not the Chinese translation, so sometimes it is hard to explain where the place you need to go or need to meet is. But the metro is great, cheap and easy to use. On the other hand, taxis are a challenge. You have red and green; green can go everywhere, red have restrictions. They can be stopped on the street (if you are lucky to find one) but don’t expect them to speak any English. And sometimes the meter does not start … not only with western guys but also with Chinese people, so prepare to have an unpredictable fare… There is Uber that can be used; alas, I don’t know why, I haven’t been able to: it does not accept my Italian PayPal and it seems not possible from here to connect my credit card.

And if you think of using a map … you should remember that Google services do not work here, so you had better have a Microsoft or Apple phone or download an offline map, unless you want to try a Chinese one (be my guest with the user interface, lol).

Hotels are a big question mark here; they look good, but it is hard to find English-speaking support or even English material telling you what to do for, as an example, connecting to wifi or having standard services such as room service. If there is a refrigerator (Chinese people do not like cold stuff, even beer should be requested cold) it is empty and disconnected, and if you are lucky you find 2 TV channels not in Chinese (one from Hong Kong; amusing the censorship when it strikes). Of course this is not the situation in 5-star hotels for western and Chinese rich guests, hotels that are not passed by my company (3 stars in western standard are considered luxury).

Overall it is easier to live than to work in China. The biggest differences are related to management style, which is quite far from western standards, the Chinese attitude in business of not seeing the obstacle, and the complete dependency on procedures and rules that overrule even reality (not so different from some big western companies, you could say). Generally speaking, it is very hard for a Chinese to accept another point of view, mostly if it comes from a western guy; they jump immediately on the defensive, putting rules and policies in front of you. Even in front of evidence that the rule is not working there is a tangible reaction; all is forwarded to the “company” or the “managers”. Sometimes it is frustrating, but I am starting to get used to it; they have their way to overcome the problems, even if sometimes not at the requested speed (workarounds are not always effective or timely, but a workaround is all you can have here). As a general statement, no criticism is accepted, and suggestions have to be carefully presented in a way that does not seem to contradict what they are doing. And anyway they will deny any difficulty. This is the reason they tend to have all Chinese managers and the biggest number of employees native Chinese or with Chinese heritage. The few westerners they keep on board are due to a critical lack of expertise or external constraints, and they have a hard life from a management and communication point of view. Some are happy, by the way, because this way they can live in a relatively closed and stable environment as long as they do not show themselves. Let’s say that understatement, agreeing and not contradicting is the best way to survive, easier in a technical role, hard when it comes to business, communication, marketing or externally related stuff. Alas, embracing the Chinese way is not in my strings, so it makes my surviving more difficult.